44 matches found
Milesight Routers - Information Disclosure
A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router...
EUVD-2025-29691
Malicious code in bioql PyPI...
CVE-2025-9971
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality...
CVE-2025-9971
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality...
CVE-2025-9972
Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device...
CVE-2025-9972 Planet Technology|Industrial Cellular Gateway - OS Command Injection
Certain models of Industrial Cellular Gateway developed by Planet Technology have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the device...
CVE-2025-9972
Planet Technology’s Industrial Cellular Gateway models are affected by an OS Command Injection vulnerability (CVE-2025-9972). The CVSS reports a critical impact (NETWORK, NO privileges, no user interaction required) with high impact to confidentiality, integrity, and availability. The vulnerabili...
CVE-2025-9971 Planet Technology|Industrial Cellular Gateway - Missing Authentication
Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality...
CVE-2025-9971
CVE-2025-9971 concerns Planet Technology’s Industrial Cellular Gateway, where a missing authentication vulnerability allows unauthenticated remote manipulation via a specific functionality. The connected sources describe the root cause as lack of authentication and indicate high impact on confide...
PT-2025-38125
Name of the Vulnerable Software and Affected Versions: Planet Technology Industrial Cellular Gateway affected versions not specified Description: Certain models of Industrial Cellular Gateway developed by Planet Technology are susceptible to a missing authentication issue. This allows...
The vulnerability of the microprogrammed software of the industrial cellular LTE modem OnCell G3470A-LTE, related to buffer overflow in the stack, allows a hacker to trigger a service failure.
The vulnerability of the microprogrammed software in the OnCell G3470A-LTE industrial cellular LTE modem is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
Exploit for OS Command Injection in Proscend M330-W_Firmware
CVE-2022-36779 exploit code for Unauthenticated OS...
Milesight UR32L luci2-io file-import firmware update vulnerability
Talos Vulnerability Report TALOS-2023-1852 Milesight UR32L luci2-io file-import firmware update vulnerability May 1, 2024 CVE Number CVE-2023-47166 SUMMARY A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
!/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage Exploit
Milesight IoT router versions UR5X, UR32L, UR32, UR35, and UR41 suffer from a credential leaking vulnerability due to unprotected system logs and weak password encryption. !/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password...
Yifan YF325 httpd next_page buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 httpd nvram.cgi authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1762 Yifan YF325 httpd nvram.cgi authentication bypass vulnerability October 11, 2023 CVE Number CVE-2023-24479 SUMMARY An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.020221108. A specially crafted network...
Yifan YF325 libutils.so nvram_restore stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1763 Yifan YF325 libutils.so nvramrestore stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34365 SUMMARY A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108...
Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1788 Yifan YF325 gwcfgcgisetmanagepostdata stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35967,CVE-2023-35968 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yif...
Milesight UR32L zebra vlan_name function command injection vulnerability
The Milesight UR32L is a Lite industrial cellular router from Milesight. A command injection vulnerability exists in the Milesight UR32L zebra vlanname function, which can be exploited by an attacker to execute arbitrary commands on the system...